package org.jasig.cas.authentication;

import com.codahale.metrics.annotation.Counted;
import com.codahale.metrics.annotation.Metered;
import com.codahale.metrics.annotation.Timed;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.internal.AroundClosure;
import org.aspectj.runtime.reflect.Factory;
import org.jasig.cas.authentication.principal.NullPrincipal;
import org.jasig.cas.authentication.principal.Principal;
import org.jasig.cas.authentication.principal.PrincipalResolver;
import org.jasig.inspektr.aspect.TraceLogAspect;
import org.jasig.inspektr.audit.annotation.Audit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;

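@Component("authenticationManager")
/* loaded from: input_file:org/jasig/cas/authentication/PolicyBasedAuthenticationManager.class */
/**
 * Authentication manager that offers every credential of a transaction to the configured
 * {@link AuthenticationHandler}s and accepts the outcome once the configured
 * {@link AuthenticationPolicy} is satisfied.
 *
 * <p>This listing is decompiler output of an AspectJ-woven class: {@link #authenticate} only
 * dispatches through {@code AjcClosure1} to {@code authenticate_aroundBody0}, which holds the
 * actual authentication logic. The {@code ajc$}-prefixed members and {@code AjcClosure1} are
 * compiler-generated plumbing and are reproduced as the decompiler emitted them.
 *
 * <p>Review notes for operators:
 * <ul>
 *   <li>Credential objects are written to the INFO and WARN logs through their
 *       {@code toString()}. NOTE(review): this is only safe if every {@code Credential}
 *       implementation keeps secrets out of {@code toString()}; confirm for custom types.</li>
 *   <li>The principal's attribute map is written to the DEBUG log; treat DEBUG output of this
 *       class as potentially containing personal data.</li>
 *   <li>An authentication whose principal is still {@link NullPrincipal} after all handlers ran
 *       is rejected with {@code UnresolvedPrincipalException}, so a resolver failure does not
 *       yield an authenticated session.</li>
 * </ul>
 */
public class PolicyBasedAuthenticationManager implements AuthenticationManager {
    protected final transient Logger logger;
    private List<AuthenticationMetaDataPopulator> authenticationMetaDataPopulators;
    private AuthenticationPolicy authenticationPolicy;

    // Handler -> resolver pairs; a null resolver means "use the principal the handler returned".
    @Resource(name = "authenticationHandlersResolvers")
    private Map<AuthenticationHandler, PrincipalResolver> handlerResolverMap;

    // AspectJ join-point descriptor for authenticate(); assigned in ajc$preClinit().
    // NOTE(review): declared final here yet assigned in a method below. That is how the
    // decompiler renders the woven bytecode; javac would reject it as hand-written source.
    private static final JoinPoint.StaticPart ajc$tjp_0 = null;

    /* loaded from: input_file:org/jasig/cas/authentication/PolicyBasedAuthenticationManager$AjcClosure1.class */
    /** Compiler-generated closure that lets the trace aspect invoke the woven method body. */
    public class AjcClosure1 extends AroundClosure {
        public AjcClosure1(Object[] objArr) {
            super(objArr);
        }

        public Object run(Object[] objArr) {
            // state = {manager, transaction, join point}, as packed by authenticate().
            Object[] objArr2 = ((AroundClosure) this).state;
            return PolicyBasedAuthenticationManager.authenticate_aroundBody0((PolicyBasedAuthenticationManager) objArr2[0], (AuthenticationTransaction) objArr2[1], (JoinPoint) objArr2[2]);
        }
    }

    /**
     * Creates a manager without handlers; {@code handlerResolverMap} is left for the
     * {@code @Resource} injection declared on the field.
     */
    protected PolicyBasedAuthenticationManager() {
        this.logger = LoggerFactory.getLogger(getClass());
        this.authenticationMetaDataPopulators = new ArrayList<>();
        this.authenticationPolicy = new AnyAuthenticationPolicy();
    }

    /**
     * Creates a manager from handlers only; see the {@code List} constructor.
     *
     * @param authenticationHandlerArr one or more handlers, tried in the given order
     */
    public PolicyBasedAuthenticationManager(AuthenticationHandler... authenticationHandlerArr) {
        this((List<AuthenticationHandler>) Arrays.asList(authenticationHandlerArr));
    }

    /**
     * Creates a manager whose handlers have no principal resolver, so the principal returned
     * by each handler is used directly.
     *
     * @param list non-empty list of handlers; iteration order is preserved
     */
    public PolicyBasedAuthenticationManager(List<AuthenticationHandler> list) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.authenticationMetaDataPopulators = new ArrayList<>();
        this.authenticationPolicy = new AnyAuthenticationPolicy();
        Assert.notEmpty(list, "At least one authentication handler is required");
        // LinkedHashMap keeps the handlers in the order the caller listed them.
        this.handlerResolverMap = new LinkedHashMap<>(list.size());
        for (AuthenticationHandler handler : list) {
            this.handlerResolverMap.put(handler, null);
        }
    }

    /**
     * Creates a manager from explicit handler/resolver pairs.
     *
     * @param map non-empty handler-to-resolver map; it is stored by reference, not copied, so
     *            later changes made by the caller are visible to this manager
     */
    public PolicyBasedAuthenticationManager(Map<AuthenticationHandler, PrincipalResolver> map) {
        this.logger = LoggerFactory.getLogger(getClass());
        this.authenticationMetaDataPopulators = new ArrayList<>();
        this.authenticationPolicy = new AnyAuthenticationPolicy();
        Assert.notEmpty(map, "At least one authentication handler is required");
        this.handlerResolverMap = map;
    }

    /**
     * Authenticates the credentials of the given transaction.
     *
     * <p>As decompiled, this method only routes the call through the trace-log aspect; the
     * logic itself is in {@code authenticate_aroundBody0}.
     *
     * @param authenticationTransaction transaction carrying the credentials to authenticate
     * @return the resulting authentication
     * @throws AuthenticationException when no handler succeeds or the policy is not satisfied
     */
    @Timed(name = "AUTHENTICATE_TIMED")
    @Counted(name = "AUTHENTICATE_COUNT", monotonic = true)
    @Metered(name = "AUTHENTICATE_METER")
    @Audit(action = "AUTHENTICATION", actionResolverName = "AUTHENTICATION_RESOLVER", resourceResolverName = "AUTHENTICATION_RESOURCE_RESOLVER")
    public Authentication authenticate(AuthenticationTransaction authenticationTransaction) throws AuthenticationException {
        return (Authentication) TraceLogAspect.aspectOf().traceMethod(new AjcClosure1(new Object[]{this, authenticationTransaction, Factory.makeJP(ajc$tjp_0, this, this, authenticationTransaction)}).linkClosureAndJoinPoint(69648));
    }

    /** Lets every populator that supports a credential add its attributes to the builder. */
    private void populateAuthenticationMetadataAttributes(AuthenticationBuilder authenticationBuilder, Collection<Credential> collection) {
        for (AuthenticationMetaDataPopulator populator : this.authenticationMetaDataPopulators) {
            for (Credential credential : collection) {
                if (populator.supports(credential)) {
                    populator.populateAttributes(authenticationBuilder, credential);
                }
            }
        }
    }

    /** Records the name of each successful handler under the "authenticationMethod" attribute. */
    private void addAuthenticationMethodAttribute(AuthenticationBuilder authenticationBuilder, Authentication authentication) {
        for (Object result : authentication.getSuccesses().values()) {
            authenticationBuilder.addAttribute("authenticationMethod", ((HandlerResult) result).getHandlerName());
        }
    }

    /**
     * Replaces the metadata populators.
     *
     * @param list populators to run after a successful authentication; must not be null, since
     *             the list is iterated without a null check
     */
    @Resource(name = "authenticationMetadataPopulators")
    public final void setAuthenticationMetaDataPopulators(List<AuthenticationMetaDataPopulator> list) {
        this.authenticationMetaDataPopulators = list;
    }

    /**
     * Replaces the policy that decides when the collected handler results are sufficient.
     *
     * @param authenticationPolicy policy consulted after each successful handler and once more
     *                             after all credentials were processed
     */
    @Resource(name = "authenticationPolicy")
    public void setAuthenticationPolicy(AuthenticationPolicy authenticationPolicy) {
        this.authenticationPolicy = authenticationPolicy;
    }

    /**
     * Runs each credential through every handler that supports it and collects successes and
     * failures in a builder.
     *
     * <p>Processing stops at the first point where the policy is satisfied; remaining handlers
     * and credentials are then not evaluated.
     *
     * @param collection credentials to authenticate
     * @return builder holding the collected results
     * @throws AuthenticationException when there is no success at all or the policy is still
     *                                 unsatisfied after every credential was processed
     */
    protected AuthenticationBuilder authenticateInternal(Collection<Credential> collection) throws AuthenticationException {
        // Start from NullPrincipal so that "nothing resolved" stays detectable by the caller.
        DefaultAuthenticationBuilder builder = new DefaultAuthenticationBuilder(NullPrincipal.getInstance());
        for (Credential credential : collection) {
            builder.addCredential(new BasicCredentialMetaData(credential));
        }
        for (Credential credential : collection) {
            boolean handlerFound = false;
            for (Map.Entry<AuthenticationHandler, PrincipalResolver> entry : this.handlerResolverMap.entrySet()) {
                AuthenticationHandler handler = entry.getKey();
                if (!handler.supports(credential)) {
                    continue;
                }
                handlerFound = true;
                try {
                    authenticateAndResolvePrincipal(builder, credential, entry.getValue(), handler);
                    if (this.authenticationPolicy.isSatisfiedBy(builder.build())) {
                        return builder;
                    }
                } catch (GeneralSecurityException e) {
                    // The failure map keeps only the exception class; the message goes to DEBUG.
                    this.logger.info("{} failed authenticating {}", handler.getName(), credential);
                    this.logger.debug("{} exception details: {}", handler.getName(), e.getMessage());
                    builder.addFailure(handler.getName(), e.getClass());
                } catch (PreventedException e2) {
                    // A PreventedException without a cause must not raise a NullPointerException
                    // here: that would abort the handler loop instead of recording the failure.
                    Throwable cause = e2.getCause();
                    String details = cause != null ? cause.getMessage() : null;
                    this.logger.error("{}: {}  (Details: {})", new Object[]{handler.getName(), e2.getMessage(), details});
                    builder.addFailure(handler.getName(), e2.getClass());
                }
            }
            if (!handlerFound) {
                this.logger.warn("Cannot find authentication handler that supports [{}] of type [{}], which suggests a configuration problem.", credential, credential.getClass().getSimpleName());
            }
        }
        evaluateProducedAuthenticationContext(builder);
        return builder;
    }

    /**
     * Rejects a result that has no successful handler or does not satisfy the policy.
     *
     * @throws AuthenticationException carrying the collected failures and successes
     */
    private void evaluateProducedAuthenticationContext(AuthenticationBuilder authenticationBuilder) throws AuthenticationException {
        // Short-circuit keeps the policy from being consulted when nothing succeeded.
        if (authenticationBuilder.getSuccesses().isEmpty()
                || !this.authenticationPolicy.isSatisfiedBy(authenticationBuilder.build())) {
            throw new AuthenticationException(authenticationBuilder.getFailures(), authenticationBuilder.getSuccesses());
        }
    }

    /**
     * Authenticates one credential with one handler, records the success and sets the
     * principal on the builder when one could be determined.
     *
     * <p>The success is recorded before the principal is resolved; if resolution yields
     * {@code null} the builder's current principal is left unchanged.
     *
     * @throws GeneralSecurityException propagated from the handler
     * @throws PreventedException propagated from the handler
     */
    private void authenticateAndResolvePrincipal(AuthenticationBuilder authenticationBuilder, Credential credential, PrincipalResolver principalResolver, AuthenticationHandler authenticationHandler) throws GeneralSecurityException, PreventedException {
        HandlerResult result = authenticationHandler.authenticate(credential);
        authenticationBuilder.addSuccess(authenticationHandler.getName(), result);
        this.logger.info("{} successfully authenticated {}", authenticationHandler.getName(), credential);
        Principal principal;
        if (principalResolver == null) {
            principal = result.getPrincipal();
            this.logger.debug("No resolver configured for {}. Falling back to handler principal {}", authenticationHandler.getName(), principal);
        } else {
            principal = resolvePrincipal(authenticationHandler.getName(), principalResolver, credential);
        }
        if (principal != null) {
            authenticationBuilder.setPrincipal(principal);
        }
    }

    /**
     * Resolves a principal for the credential with the given resolver.
     *
     * @param str name of the handler the resolver is paired with (used for logging only)
     * @param principalResolver resolver to use
     * @param credential credential that was authenticated
     * @return the resolved principal, or {@code null} when the resolver does not support the
     *         credential or throws
     */
    protected Principal resolvePrincipal(String str, PrincipalResolver principalResolver, Credential credential) {
        if (!principalResolver.supports(credential)) {
            this.logger.warn("{} is configured to use {} but it does not support {}, which suggests a configuration problem.", new Object[]{str, principalResolver, credential});
            return null;
        }
        try {
            Principal resolved = principalResolver.resolve(credential);
            this.logger.debug("{} resolved {} from {}", new Object[]{principalResolver, resolved, credential});
            return resolved;
        } catch (Exception e) {
            // Deliberately broad: any resolver failure is logged and reported as "no principal".
            this.logger.error("{} failed to resolve principal from {}", new Object[]{principalResolver, credential, e});
            return null;
        }
    }

    static {
        ajc$preClinit();
    }

    /**
     * Woven body of {@link #authenticate}: authenticates, rejects an unresolved principal and
     * adds method and metadata attributes before building the final authentication.
     */
    static final Authentication authenticate_aroundBody0(PolicyBasedAuthenticationManager policyBasedAuthenticationManager, AuthenticationTransaction authenticationTransaction, JoinPoint joinPoint) {
        AuthenticationBuilder builder = policyBasedAuthenticationManager.authenticateInternal(authenticationTransaction.getCredentials());
        Authentication authentication = builder.build();
        Principal principal = authentication.getPrincipal();
        // Fail closed: handlers may have succeeded, but without a principal there is no identity.
        if (principal instanceof NullPrincipal) {
            throw new UnresolvedPrincipalException(authentication);
        }
        policyBasedAuthenticationManager.addAuthenticationMethodAttribute(builder, authentication);
        policyBasedAuthenticationManager.logger.info("Authenticated {} with credentials {}.", principal, authenticationTransaction.getCredentials());
        policyBasedAuthenticationManager.logger.debug("Attribute map for {}: {}", principal.getId(), principal.getAttributes());
        policyBasedAuthenticationManager.populateAuthenticationMetadataAttributes(builder, authenticationTransaction.getCredentials());
        // Built a second time so the attributes added above are part of the returned object.
        return builder.build();
    }

    /** Compiler-generated: builds the static join-point descriptor for authenticate(). */
    private static void ajc$preClinit() {
        Factory factory = new Factory("PolicyBasedAuthenticationManager.java", PolicyBasedAuthenticationManager.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "authenticate", "org.jasig.cas.authentication.PolicyBasedAuthenticationManager", "org.jasig.cas.authentication.AuthenticationTransaction", "transaction", "org.jasig.cas.authentication.AuthenticationException", "org.jasig.cas.authentication.Authentication"), 129);
    }
}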
